Technical information
Network Security White Paper ver. G.1.2
Page 11 of 72
1-2-5 Interception of network packets:
When accessing the products using TELNET, the username and password are sent in clear text,
because the TELNET protocol itself does not support encryption. So if the username and password are
intercepted, the possibility of unauthorized access and changes being made does exist.
1-2-6 Brute force password crack:
The RICOH network device can detect a high frequency of failed logins. If the number of login attempts
exceeds a configured threshold, the device will send an e-mail to the administrator. All failed logins will
be logged.
1-2-7 Possibility of Successful DoS (Denial of Service) Attacks
The RICOH network device can detect a high frequency of logins and delay responses to that user’s
login requests. The device will also send an e-mail to the administrator. The device will log this and a
message showing that the device is currently under attack will be displayed in Web Image Monitor.
1-2-8 Recommended Precautions
The following are suggested precautions against threats to the embedded TELNET service.
Scenario 1: Basic security settings
Change the username and password from the default value to something difficult to guess and change it
regularly.
The username and password are the same as those used for logging into Web Image Monitor in
Administrator mode; therefore, changing the username and password for the mshell means changing
them for Web Image Monitor’s Administrator mode.
Scenario 2: High security policy
Close the TELNET port:
The TELNET port can be completely closed using Web Image Monitor. When TELNET is disabled, the
services provided by the mshell will not be available. TELNET should only be opened in cases where a
machine setting needs to be changed and cannot be changed any other way. Before logging in, the
products should be removed from the network and connected to a single PC. After the setting is
changed, TELNET should be immediately closed again and can rejoin the network.